Ransomware poses a significant threat to organizations worldwide, including those in Vietnam. In the first half of 2024, Vietnam experienced ransomware attacks that resulted in losses and disruptions to online services across various sectors such as securities, energy, telecommunications, and logistics.
VNCERT/CC, a branch of the Authority of Information Security (AIS), highlighted Eldorado as a new ransomware-as-a-service (RaaS) operation that emerged in March. The ransomware has variants targeting the VMware ESXi hypervisor and the Windows operating system.
Researchers from Group-IB observed Eldorado’s operations and noted that these attacks were advertised on the RAMP forum, seeking individuals with advanced cyber attack skills.
Eldorado, written in the Go programming language, can encrypt both Windows and Linux systems through two distinct but similar variants, widening its range of impact.
Group-IB found that Eldorado uses the ChaCha20 algorithm for data encryption, appends the “.00000001” extension to encrypted files, and leaves ransom notes named “HOW_RETURN_YOUR_DATA.TXT” in the Documents and Desktop folders.
In addition to encrypting local files, Eldorado uses the SMB protocol to encrypt network shares and deletes shadow copies on compromised Windows systems to hinder recovery. By default the malware deletes itself after running to evade detection and analysis.
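As an added defender-side example (not code from the article, VNCERT/CC or Group-IB), the following Python script walks a directory tree looking for the two file-system artifacts named above, the appended “.00000001” extension and the “HOW_RETURN_YOUR_DATA.TXT” note, and flags the host when a note is present or enough files carry the extension to look like bulk encryption. The sample tree, the threshold and the function names are constructed assumptions for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the advisory text: the appended extension and the note name.
ELDORADO_EXTENSION = ".00000001"
RANSOM_NOTE_NAME = "HOW_RETURN_YOUR_DATA.TXT"


def scan_for_eldorado_indicators(root, min_encrypted=5):
    """Walk a directory tree and report Eldorado-style artifacts.

    Returns the files that carry the extension, the ransom notes found, and a
    'suspicious' flag set when a note exists or at least min_encrypted files
    carry the extension (a single stray file is not treated as an incident).
    The threshold is an assumption chosen for this example.
    """
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(ELDORADO_EXTENSION):
                encrypted.append(path)
            elif name.upper() == RANSOM_NOTE_NAME:
                notes.append(path)
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "suspicious": bool(notes) or len(encrypted) >= min_encrypted,
    }


def build_sample_tree():
    """Create a constructed temp tree that mimics an affected user profile (sample data)."""
    root = Path(tempfile.mkdtemp(prefix="eldorado_demo_"))
    docs = root / "Users" / "alice" / "Documents"
    desktop = root / "Users" / "alice" / "Desktop"
    docs.mkdir(parents=True)
    desktop.mkdir(parents=True)
    for i in range(6):  # six "encrypted" documents, above the threshold
        (docs / f"report{i}.docx{ELDORADO_EXTENSION}").write_bytes(b"\x00" * 16)
    (docs / "untouched.txt").write_text("still readable")
    (docs / RANSOM_NOTE_NAME).write_text("constructed note placeholder")
    (desktop / RANSOM_NOTE_NAME).write_text("constructed note placeholder")
    return root


if __name__ == "__main__":
    result = scan_for_eldorado_indicators(build_sample_tree())
    print(f"suspicious={result['suspicious']} encrypted={len(result['encrypted_files'])} "
          f"notes={len(result['ransom_notes'])}")
```

On a real host, point `scan_for_eldorado_indicators` at the user profile or share root instead of the constructed tree.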
VNCERT/CC warned that Eldorado’s capabilities extend to encrypting files on VMware ESXi systems, leading to disruptions in server and workstation operations, impeding data access, and causing business interruptions.
Targeting systems widely used in Vietnam such as VMware ESXi and Windows, Eldorado can shut down and encrypt virtual machines, disrupting the entire virtual infrastructure.
To safeguard information systems, administrators of agencies, organizations, and businesses utilizing VMware ESXi and Windows are advised to implement specific security measures:
- Use multi-factor authentication and access controls based on verified credentials
- Employ EDR (Endpoint Detection and Response) for prompt identification and response to ransomware indicators
- Regularly back up data to reduce damage and loss
- Deploy AI-based analytics solutions and advanced malware detection technology for real-time threat detection and response